copperx
Pass
Audited by Gen Agent Trust Hub on Apr 24, 2026
Risk Level: SAFEEXTERNAL_DOWNLOADSCOMMAND_EXECUTIONPROMPT_INJECTION
Full Analysis
- [EXTERNAL_DOWNLOADS]: The skill recommends installing the
@membranehq/clipackage globally via npm. This is a vendor-owned resource used for authentication and executing tasks within the Membrane ecosystem. - [COMMAND_EXECUTION]: The instructions utilize the
membraneCLI to perform actions such as connecting to the service, listing available actions, and executing requests against the Copperx API. These commands are transparent and align with the skill's stated purpose of managing Copperx data. - [PROMPT_INJECTION]: The skill identifies a potential surface for indirect prompt injection because it processes data from an external API (Copperx) and possesses write capabilities. Ingestion points: API responses from
membrane action runandmembrane request(SKILL.md). Boundary markers: Not specified. Capability inventory: Creating and updating records via pre-built actions and arbitrary API requests viamembrane request. Sanitization: No explicit logic defined in the skill body. This is a standard characteristic of API integration tools.
Audit Metadata